SAN FRANCISCO (Reuters) - A potentially dangerous Internet attack on personal computers by a virus designed to steal financial data and passwords from Web users rippled across the Internet on Friday, computer security experts said.

The attack, which surfaced earlier this week and is known as the "Scob" outbreak, exploits a vulnerability in servers using a version of Microsoft Corp.'s IIS software, and has been called more dangerous than the recent "Sasser" and "Blaster" infections.

The infected servers in turn exploit another vulnerability in Microsoft's Internet Explorer browser to install a Trojan Horse virus on the PCs of Web surfers who visit the infected Web sites, said Alfred Huger, senior director of engineering at Internet security company Symantec Corp.

"All of this takes place while it looks like you're viewing the same Web page," Huger said. "You don't even know that parts of your browser have been redirected to another Web site."

The U.S. Computer Emergency Readiness team warned on its Web site that "any Web site, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code."

The Trojan Horse places a keystroke logger on users' PCs and is designed to capture credit card numbers and passwords and send them back to a server in Russia, said Michael Murray, director of vulnerability and exposure at computer security firm nCircle Network Security.

By late Friday, however, the threat to users' personal data seemed to have diminished, at least for the time being.

"The server appears to have been shut down in the last eight hours," Murray said. "We don't know if it was shut down by authorities or whether it was accidental."

NO PATCHES YET

The attack is more alarming than most because there are no patches available yet from Microsoft to fix the vulnerability in Internet Explorer that lets the hackers take control of computers, security researchers said.

On its Web site, Microsoft said users could search for the files "Kk32.dll" or "Surf.dat" to see if their PCs were infected. The company also suggested that users set their browser security level to "high."

Stephen Toulouse, a security program manager at Microsoft, said there were three vulnerabilities involved in the attack, two of which Microsoft addressed in April with software patches. He said Microsoft was working on a patch to fix this latest vulnerability, which was published about two weeks ago.

Toulouse said that version 5 of Microsoft's Internet Information Services software which had not had an April patch installed was vulnerable to being turned into a virus transmitter.

"The attacker is exploiting a vulnerability and changing the Web pages on the server and turning them around to try and exploit vulnerabilities on Internet Explorer that customers are using to view the (infected) Web sites," Toulouse said.

Most anti-virus software has been updated so that it can prevent the Trojan Horse from being installed, but because there is no patch, there's no way to prevent future attacks to install the virus, Huger said.

"The truly alarming part is there is no patch available for that vulnerability," Huger said.

The Macintosh version of Internet Explorer is not affected, nor are non-Microsoft browsers such as Mozilla, Opera and Apple Computer Inc.'s Safari browser, security experts said.

? Reuters 2004. All Rights Reserved.

_________________Fast computers wanted to cure diseases: Distributed Computing
Do you like the site? Did I help you out?
Please consider upgrading to an Advantage Account. It helps the site's expensive costs. Thanks!

Congrats on the new beginning, Mr. Krebs. You've assuaged me from consistently wanting to visit the site of your previous business once more, and for that I am interminably thankful. Hire Someone to Write Assignment for Me

This stayed inside the organization, inside the walled garden of a private data center. The second wave started with the digitization and automation of supplier–client interactions. Following B2B e-commerce platforms, this digitization has spread to every retail client with internet access and a mobile device.